﻿<!--#include file="include/conn_f.asp"-->
<!--#include file="include/function.asp"-->
<!--#include file="ipcountry/ipcountry.asp" -->
<%
sessioncode=cStr(Session("validateCode"))

card_id=request("card_id")
username=left(saferequest("username",0),30)
password=saferequest("password",0)
validateCode=saferequest("validateCode",0)
'IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
'If IP="" Then
    IP=Request.ServerVariables("remote_addr")
'End If
ipcountry=IP2Country(IP)


function TestCaptcha(byval valSession, byval valCaptcha)
    dim tmpSession
    valSession = Trim(valSession)
    valCaptcha = Trim(valCaptcha)
    if (valSession = vbNullString) or (valCaptcha = vbNullString) then
        TestCaptcha = false
    else
        tmpSession = valSession
        valSession = Trim(Session(valSession))
        Session(tmpSession) = vbNullString
        if valSession = vbNullString then
            TestCaptcha = false
        else
            valCaptcha = Replace(valCaptcha,"i","I")
            if StrComp(valSession,valCaptcha,1) = 0 then
                TestCaptcha = true
            else
                TestCaptcha = false
            end if
        end if		
    end if
end function
%>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>用户登录</title>
    <script language="javascript" type="text/javascript">
<%
If TestCaptcha("ASPCAPTCHA", validateCode) = False Then
%>  
    alert('随机码错误!');
    location.href = 'index.asp';
<%
Else
    If username<>"" and password<>"" Then
        sql="select cust_id,username,password,email,isactive,VIP,phone_confirmed,IP_country from customer where username='"&username&"' and password=old_password('"&password&"')"
        Set rs=conn.execute(sql)
        If Not rs.eof Then
            cust_id=rs("cust_id")
            isactive=rs("isactive")
            
            'If rs("IP_country")<>ipcountry Then	'登陆的IP和常用IP的国家不同
            '	If rs("IP_country")="" or ipcountry="" Then
            '		sql="update customer Set ip='"&IP&"',IP_country='"&ipcountry&"',lastlogin_time=now() where cust_id="&cust_id
            '		conn.execute sql
            '		Session("cust_id")=cust_id
            '		Session("username")=rs("username")
            '		Session("isactive")=rs("isactive")
            '		Response.Write "alert('登录成功!');"&chr(13)
            '		login_status="Succecd"
            '	Else
            '		sql="update customer Set isactive=-1,ip='"&IP&"',lastlogin_time=now() where cust_id="&cust_id 
            '		isactive=-1
            '		conn.execute sql
            '		login_status="AccountLocked"
            '	End If
            'Else
                sql="update customer Set ip='"&IP&"',lastlogin_time=now() where cust_id="&cust_id	
                conn.execute sql
                Session("cust_id")=cust_id
                Session("username")=rs("username")
                Session("isactive")=rs("isactive")
                Response.Write "alert('登录成功!');"&chr(13)
                login_status="Succecd"
            'End If			
                        
            'If isactive=1 Then
                If card_id<>"" Then
                    Response.Write "location.href='order_validate.asp?card_id="&card_id&"'"&chr(13)
                Else
                    Response.Write "location.href='welcome.asp'"&chr(13)
                End If
            'ElseIf isactive=-1 Then
            '	Response.Write "alert('出于安全原因,您的帐号需要重新激活!');"&chr(13)
            '	Response.Write "location.href='account_reactive.asp'"&chr(13)
            'Else
            '	Response.Write "location.href='account_active.asp'"&chr(13)
            'End If
        Else
            Response.Write "alert('帐号密码不符!');"&chr(13)
            Response.Write "location.href='index.asp';"&Chr(13)	
            login_status="Failed"
            'Session("login_failed")=Session("login_failed")+1
            'If Session("login_failed")>5 Then
            '	sql="update customer Set isactive=-1,ip='"&IP&"',lastlogin_time=now() where username='"&username&"' "
            '	conn.execute sql
            '	Response.Write "alert('你多次密码输入,会员帐号已被锁!');"&chr(13)
            'End If
        End If
        
        Set objfilesys=Server.CreateObject("scripting.filesystemobject")
        Set objstream=objfilesys.openTextFile("c:\xiaofm\login_log\cust_login_log.txt",8)
        objstream.writeLine(now()&"|"&IP&"|"&username&"|"&login_status)
        Set objfilesys=Nothing
        Set objstream=Nothing		
    Else
        Response.Write "alert('请输入会员帐号和密码!');"&chr(13)
        Response.Write "location.href='index.asp';"&Chr(13)	
    End If
End If
%>
    </script>
</head>
</html>
